CVE-2013-0348
- EPSS 0.52%
- Veröffentlicht 13.12.2013 18:07:54
- Zuletzt bearbeitet 29.04.2026 01:13:23
thttpd.c in sthttpd before 2.26.4-r2 and thttpd 2.25b use world-readable permissions for /var/log/thttpd.log, which allows local users to obtain sensitive information by reading the file.
CVE-2013-1812
- EPSS 2.13%
- Veröffentlicht 12.12.2013 18:55:10
- Zuletzt bearbeitet 29.04.2026 01:13:23
The ruby-openid gem before 2.2.2 for Ruby allows remote OpenID providers to cause a denial of service (CPU consumption) via (1) a large XRDS document or (2) an XML Entity Expansion (XEE) attack.
- EPSS 10.41%
- Veröffentlicht 11.12.2013 15:55:13
- Zuletzt bearbeitet 29.04.2026 01:13:23
Use-after-free vulnerability in the nsNodeUtils::LastRelease function in the table-editing user interface in the editor component in Mozilla Firefox before 26.0, Firefox ESR 24.x before 24.2, Thunderbird before 24.2, and SeaMonkey before 2.23 allows ...
CVE-2013-5619
- EPSS 3.71%
- Veröffentlicht 11.12.2013 15:55:13
- Zuletzt bearbeitet 29.04.2026 01:13:23
Multiple integer overflows in the binary-search implementation in SpiderMonkey in Mozilla Firefox before 26.0 and SeaMonkey before 2.23 might allow remote attackers to cause a denial of service (out-of-bounds array access) or possibly have unspecifie...
- EPSS 11.08%
- Veröffentlicht 11.12.2013 15:55:13
- Zuletzt bearbeitet 29.04.2026 01:13:23
The nsGfxScrollFrameInner::IsLTR function in Mozilla Firefox before 26.0, Firefox ESR 24.x before 24.2, Thunderbird before 24.2, and SeaMonkey before 2.23 allows remote attackers to execute arbitrary code via crafted use of JavaScript code for ordere...
CVE-2013-6672
- EPSS 3.34%
- Veröffentlicht 11.12.2013 15:55:13
- Zuletzt bearbeitet 29.04.2026 01:13:23
Mozilla Firefox before 26.0 and SeaMonkey before 2.23 on Linux allow user-assisted remote attackers to read clipboard data by leveraging certain middle-click paste operations.
CVE-2013-6673
- EPSS 2.89%
- Veröffentlicht 11.12.2013 15:55:13
- Zuletzt bearbeitet 29.04.2026 01:13:23
Mozilla Firefox before 26.0, Firefox ESR 24.x before 24.2, Thunderbird before 24.2, and SeaMonkey before 2.23 do not recognize a user's removal of trust from an EV X.509 certificate, which makes it easier for man-in-the-middle attackers to spoof SSL ...
CVE-2013-5611
- EPSS 2.14%
- Veröffentlicht 11.12.2013 15:55:12
- Zuletzt bearbeitet 29.04.2026 01:13:23
Mozilla Firefox before 26.0 does not properly remove the Application Installation doorhanger, which makes it easier for remote attackers to spoof a Web App installation site by controlling the timing of page navigation.
CVE-2013-5612
- EPSS 3.4%
- Veröffentlicht 11.12.2013 15:55:12
- Zuletzt bearbeitet 29.04.2026 01:13:23
Cross-site scripting (XSS) vulnerability in Mozilla Firefox before 26.0 and SeaMonkey before 2.23 makes it easier for remote attackers to inject arbitrary web script or HTML by leveraging a Same Origin Policy violation triggered by lack of a charset ...
- EPSS 9.45%
- Veröffentlicht 11.12.2013 15:55:12
- Zuletzt bearbeitet 29.04.2026 01:13:23
Use-after-free vulnerability in the PresShell::DispatchSynthMouseMove function in Mozilla Firefox before 26.0, Firefox ESR 24.x before 24.2, Thunderbird before 24.2, and SeaMonkey before 2.23 allows remote attackers to execute arbitrary code or cause...